Vulnerabilities > Asterisk > Certified Asterisk > 16.8.0

DATE CVE VULNERABILITY TITLE RISK
2022-08-30 CVE-2021-46837 NULL Pointer Dereference vulnerability in multiple products
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk.
network
low complexity
asterisk digium debian CWE-476
6.5
6.5
2022-02-22 CVE-2022-23608 Use After Free vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-416
critical
 9.8
9.8
2022-01-27 CVE-2022-21723 Out-of-bounds Read vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-125
critical
 9.1
9.1
2021-12-22 CVE-2021-37706 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-191
critical
 9.8
9.8
2020-11-06 CVE-2020-28242 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5.
network
low complexity
asterisk fedoraproject debian CWE-674
6.5
6.5